Admin Console
A runnable example package: embedded admin, sample access/error logs, TLS certificates, and SQLite audit state.
Source directory: examples/admin-console/.
Configuration
```yaml
version: v1
port: 8080
admin:
  enabled: true
  port: 9080
  database:
    driver: sqlite
    dsn: file:./admin.db?cache=shared&_fk=1
  web:
    dev_proxy: true
  geoip:
    ingress_label: 上海
    ingress_lat: 31.2304
    ingress_lng: 121.4737
cache:
  ttl: 300
  prefix: "ingress:"
waf:
  enabled: true
  log_only: false
  builtin: true
  trust_proxy: true
healthcheck:
  outer:
    enable: true
    path: /healthz
    ok: true
  inner:
    enable: true
    interval: 30
    timeout: 5
https:
  port: 8443
  redirect_from_http:
    permanent: true
  ssl:
    - domain: api.example.com
      cert:
        certificate: ./certs/api.example.com.pem
        certificate_key: ./certs/api.example.com.key.pem
    - domain: cdn.example.com
      cert:
        certificate: ./certs/cdn.example.com.pem
        certificate_key: ./certs/cdn.example.com.key.pem
    - domain: assets.cdn.example.com
      cert:
        certificate: ./certs/assets.cdn.example.com.pem
        certificate_key: ./certs/assets.cdn.example.com.key.pem
    - domain: admin.internal
      cert:
        certificate: ./certs/admin.internal.pem
        certificate_key: ./certs/admin.internal.key.pem
    - domain: legacy.example.com
      cert:
        certificate: ./certs/legacy.example.com.pem
        certificate_key: ./certs/legacy.example.com.key.pem
    - domain: tunnel-a.inlets.example.com
      cert:
        certificate: ./certs/tunnel-a.inlets.example.com.pem
        certificate_key: ./certs/tunnel-a.inlets.example.com.key.pem
    - domain: waf-demo.example.com
      cert:
        certificate: ./certs/waf-demo.example.com.pem
        certificate_key: ./certs/waf-demo.example.com.key.pem
    - domain: portal.example.com
      cert:
        certificate: ./certs/portal.example.com.pem
        certificate_key: ./certs/portal.example.com.key.pem
fallback:
  type: handler
  handler:
    type: static_response
    headers:
      Content-Type: text/plain; charset=utf-8
    body: |
      fallback ok
services:
  - name: api.internal
    port: 8080
    note: API 主集群(演示用 handler 替代)
  - name: api-v2.internal
    port: 8080
    note: API v2 路径专用
  - name: home
    port: 8080
rules:
  - host: api.example.com
    backend:
      type: handler
      handler:
        type: static_response
        headers:
          Content-Type: application/json
        body: |
          {"ok":true,"service":"api"}
      cache:
        enabled: true
        ttl: 300
    paths:
      - path: /v2
        backend:
          type: handler
          handler:
            type: static_response
            headers:
              Content-Type: application/json
            body: |
              {"v2":true,"users":[]}
          cache:
            enabled: true
            ttl: 600
            max_body_bytes: 2097152
      - path: /public
        backend:
          type: handler
          handler:
            type: static_response
            headers:
              Content-Type: application/json
            body: |
              {"public":true}
          cache:
            enabled: true
            ttl: 300
            max_body_bytes: 2097152
      - path: /search
        backend:
          type: handler
          handler:
            type: static_response
            headers:
              Content-Type: application/json
            body: |
              {"results":[]}
      - path: /error/400
        backend:
          type: handler
          handler:
            type: static_response
            status_code: 400
            headers:
              Content-Type: application/json
            body: |
              {"error":"bad request"}
      - path: /error/403
        backend:
          type: handler
          handler:
            type: static_response
            status_code: 403
            headers:
              Content-Type: application/json
            body: |
              {"error":"forbidden"}
      - path: /error/500
        backend:
          type: handler
          handler:
            type: static_response
            status_code: 500
            headers:
              Content-Type: application/json
            body: |
              {"error":"internal"}
  - host: cdn.example.com
    backend:
      type: handler
      handler:
        type: file_server
        root_dir: ./static
        index_file: assets/app.js
      cache:
        enabled: true
        ttl: 3600
  - host: assets.cdn.example.com
    host_type: exact
    backend:
      type: handler
      handler:
        type: file_server
        root_dir: ./static
        index_file: static/main.js
      cache:
        enabled: true
        ttl: 3600
  - host: portal.example.com
    backend:
      type: handler
      handler:
        type: static_response
        headers:
          Content-Type: text/html; charset=utf-8
        body: |
          <!doctype html><html><body><h1>portal</h1></body></html>
      cache:
        enabled: true
        ttl: 120
  - host: ^([a-z0-9-]+)\.inlets\.example\.com$
    host_type: regex
    backend:
      service:
        name: ${host.1}.tunnel
        port: 443
        protocol: https
  - host: admin.internal
    backend:
      type: handler
      handler:
        headers:
          Content-Type: text/plain; charset=utf-8
        body: |
          admin console demo host
      cache:
        enabled: true
        ttl: 60
    paths:
      - path: /healthz
        backend:
          type: handler
          handler:
            headers:
              Content-Type: text/plain; charset=utf-8
            body: |
              ok
  - host: legacy.example.com
    backend:
      type: redirect
      redirect:
        url: https://www.example.com$request_uri
        permanent: true
      cache:
        enabled: true
        ttl: 120
  - host: httpbin.work
    backend:
      service:
        mode: external
        protocol: https
        name: httpbin.zcorky.com
        port: 443
scenarios:
  active: default
  items:
    - id: peak
      label: 高峰
      description: Admin 演示 — 延长 api.example.com 缓存 TTL
      overlay:
        rules:
          - host: api.example.com
            backend:
              cache:
                enabled: true
                ttl: 900
```

Key points:
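- `admin.enabled: true`: runs in the same process as the proxy (8080 / 8443); the API listens on 9080.
- `admin.auth.type: basic`: this demo package explicitly enables login (admin/admin); the default auth type is `none`. See the Admin authentication example.
- `admin.web.dev_proxy: true`: API only; the UI requires `cd core/admin/web && pnpm dev`.
- When `logging` is omitted, `./access.log` and `./error.log` are written to the same directory as the YAML file by default (no `/var/log/ingress` needed).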
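
The rule with `host_type: regex` in the configuration derives a backend name from the client-supplied Host header. The following Go program is an added example, not the project's own matching code: it shows which constructed Host values the anchored pattern accepts and what name each resolves to, assuming `${host.1}` expands to the first capture group (`resolveBackend` is a hypothetical helper).

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pattern and template copied from the rule with host_type: regex.
const hostPattern = `^([a-z0-9-]+)\.inlets\.example\.com$`
const nameTemplate = "${host.1}.tunnel"

var hostRe = regexp.MustCompile(hostPattern)

// resolveBackend returns the backend name a Host header would select, or
// ok=false when the anchored pattern rejects it. Assumption: ${host.N} is
// replaced by the N-th capture group; this mirrors the intent of the config
// and is not the project's implementation.
func resolveBackend(hostHeader string) (name string, ok bool) {
	m := hostRe.FindStringSubmatch(hostHeader)
	if m == nil {
		return "", false
	}
	name = nameTemplate
	for i := 1; i < len(m); i++ {
		name = strings.ReplaceAll(name, fmt.Sprintf("${host.%d}", i), m[i])
	}
	return name, true
}

func main() {
	// Constructed Host header values, not taken from real traffic.
	for _, h := range []string{
		"tunnel-a.inlets.example.com",           // intended case
		"a.b.inlets.example.com",                // extra label: '.' is outside the class
		"tunnel-a.inlets.example.com.evil.test", // suffix appended: blocked by '$'
		"TUNNEL-A.inlets.example.com",           // uppercase: class is lowercase only
		"tunnel-a.inlets.example.com:8443",      // port left on the Host value
		"-.inlets.example.com",                  // accepted: class allows a bare hyphen
	} {
		name, ok := resolveBackend(h)
		fmt.Printf("%-42q matched=%-5v backend=%q\n", h, ok, name)
	}
}
```

The last case shows that the character class still admits a label that is not a valid DNS name, so the resolved backend name is worth validating again at the point where it is looked up.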
Validate and run

```bash
ingress validate -c examples/admin-console/ingress.yaml
ingress run -c examples/admin-console/ingress.yaml
```

Expected startup log:

```text
Admin started at http://127.0.0.1:9080
Server started at http://127.0.0.1:8080
```

Sample data
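| Resource | Purpose |
|---|---|
| access.log / error.log | Pre-generated lines for the log UI |
| admin.db | Created on first start; an empty database is seeded with bootstrap WAF events and audit records |
| certs/ | Sample certificates referenced by https.ssl |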
Regenerate from the repository root:

```bash
python3 examples/admin-console/scripts/gen_sample_data.py
go run ./examples/admin-console/scripts/gen_sample_certs/main.go
```

See the Admin console guide for details.